With the recent spread of data communication networks, so-called home networks are becoming prevalent in homes. In a home network, home electric appliances, computers, and other peripheral devices are connected to a network so that these devices can communicate with each other, share the data processing functions of each device, and transmit and receive content between devices. Accordingly, the home network provides users with convenience and comfort, and thus will become more and more prevalent in the future.
As a protocol suitable for configuring such a home network, Universal Plug and Play (UPnP) is known. UPnP can easily establish a network without complicated operations, and allows devices connected to the network to receive a service provided by each of the devices without difficult operations and settings. Further, UPnP does not depend on the OS (operating system) of a device, so a device can be added easily.
In UPnP, devices connected to the network exchange definition files written in XML (eXtensible Markup Language) so as to identify each other. The outline of processes according to UPnP is as follows:
(1) Addressing process of obtaining a self-device ID, such as an IP address;
(2) Discovery process of searching for devices on the network, receiving a response from each of the devices, and obtaining information included in the response, such as the type of device and a function thereof; and
(3) Service request process of requesting a service from each device based on the information obtained in the discovery process.
By performing the above-described processes, a service can be provided and received using network-connected devices. A device that is newly connected to the network obtains a device ID by performing the above-described addressing process and obtains information about other devices connected to the network by performing the discovery process, so that the device can request a service from another device based on the obtained information.
In this type of network, however, measures against unauthorized access need to be considered. Devices in a home network, for example, a server or the like, often store content requiring copyright management, such as private content or paid content.
Content stored in a server of the home network can be accessed from devices connected to the network. For example, the content can be obtained by a device that has performed the above-described UPnP connection, which is a simple device connecting configuration. When the content is movie data or music data, a user can see a movie or listen to the music by connecting a television set or a player or the like to the network.
Access from a device of a user having a right to use the content may be permitted. However, in the above-described network configuration, even a user who does not have a right to use the content can easily enter the network. For example, in a network configured as a wireless LAN, an unauthorized user may illegally enter the network to access a server in the home from the outside or a neighborhood by using a communication device so as to steal content. Such a configuration allowing unauthorized access causes leakage of secrets and also creates a serious problem in terms of copyright management of content.
In order to eliminate the above-described unauthorized access, the following configuration has been suggested. That is, a server holds a list of clients having a right to access the server. When the server receives an access request from a client, the server verifies the client against the list so as to reject unauthorized access.
For example, MAC (Media Access Control) address filtering is known. In MAC address filtering, a MAC address, which is a physical address unique to a network-connected device, is set in an access-permitted device list. MAC addresses permitted to have an access right are registered in advance in a router or a gateway that isolates an internal network (subnet), such as a home network, from an external network. Then, the MAC address of a received packet is compared to the registered MAC addresses so as to refuse access from a device having an unregistered MAC address. This technique is disclosed in, for example, Patent Document 1 (Japanese Unexamined Patent Application Publication No. 10-271154).
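The comparison step of MAC address filtering described above, as an added example that is not taken from the original document or from Patent Document 1. The class and function names are hypothetical, the registered addresses are constructed sample values, and the frame layout assumed is an Ethernet II header.

```python
import re

# Constructed sample list, registered in three common notations.
REGISTERED = ["02:00:00:00:00:01", "02-00-00-00-00-02", "0200.0000.0003"]

def parse_mac(text):
    """Normalize a textual MAC address to its 6 raw bytes (48 bits)."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

class MacFilter:
    """Access-permitted device list held by a router or gateway (hypothetical)."""

    def __init__(self, registered):
        self.allowed = {parse_mac(m) for m in registered}

    @staticmethod
    def source_mac(frame):
        # Ethernet II header: 6 bytes destination, 6 bytes source, 2 bytes EtherType.
        if len(frame) < 14:
            raise ValueError("truncated Ethernet header")
        return frame[6:12]

    def permits(self, frame):
        """True only if the frame's source MAC is registered; malformed frames are refused."""
        try:
            return self.source_mac(frame) in self.allowed
        except ValueError:
            return False

def make_frame(dst, src, payload=b""):
    """Build a constructed Ethernet II frame carrying an IPv4 EtherType."""
    return parse_mac(dst) + parse_mac(src) + b"\x08\x00" + payload

if __name__ == "__main__":
    flt = MacFilter(REGISTERED)
    for src in ("02:00:00:00:00:02", "02:00:00:00:00:99"):
        frame = make_frame("02:00:00:00:00:ff", src)
        print(src, "permitted" if flt.permits(frame) else "refused")
```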
However, in order to register MAC addresses to limit access, the MAC addresses of all devices connected to the network must be obtained. Further, an operator must input the obtained MAC addresses (48 bits) of all the devices to create a list. This process can be performed under a designated administrator when a secure environment needs to be established in a specific company or group. However, it is not practical to require a general user to create and store a MAC list in a home network environment established in a home.
In a home network, addition of a new device often occurs. Therefore, if a user has to obtain and register a MAC address of an added device every time a device is added, ease of establishing a network is inhibited.
On the other hand, network configurations including a personal computer and home electric appliances are being established in more homes, and a so-called ubiquitous environment in which any device can access the network is being established. At the same time, an external communication device can easily intrude into a wireless LAN due to the spread of wireless LANs. In such a network environment, unauthorized access to network-connected devices is more likely to occur, and the possibility that secret information is stolen by unauthorized access and that content is illegally read is becoming higher and higher. Under these circumstances, demand for easily realizing an appropriate access control configuration without putting a load on users has grown.
Even if an access right can be appropriately determined, when a client connected to an external network wants to obtain information of each server on an internal network connected to a home network, the client needs to individually access each server in order to obtain the information.
If the client is connected to the internal network, the client can obtain information from a plurality of servers at the same time by performing a search process according to the above-described UPnP, that is, by multicasting (HTTPMU: HTTP Multicast) a search request over UDP (User Datagram Protocol), so as to easily obtain server information.
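The discovery process (2) and the multicast search request described above, as an added example that is not part of the original document. It builds the SSDP M-SEARCH request that UPnP sends over HTTPMU and parses the unicast responses. The function names are hypothetical and the responses are constructed sample data, so nothing is sent on a network.

```python
SSDP_GROUP = ("239.255.255.250", 1900)  # UPnP discovery multicast address and port

def build_msearch(search_target="ssdp:all", mx=2):
    """Search request a client multicasts over UDP to find devices on the subnet."""
    lines = ["M-SEARCH * HTTP/1.1",
             f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}",
             'MAN: "ssdp:discover"',
             f"MX: {mx}",                 # devices delay their reply by up to MX seconds
             f"ST: {search_target}",
             "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_response(datagram):
    """Return device type, unique name and description URL, or None if not a valid reply."""
    head = datagram.decode("utf-8", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    if "ST" not in headers or "LOCATION" not in headers:
        return None
    return {"type": headers["ST"], "usn": headers.get("USN", ""),
            "description_url": headers["LOCATION"]}

def collect_servers(datagrams):
    """Merge replies from several devices, keyed by USN so repeated replies collapse."""
    found = {}
    for d in datagrams:
        info = parse_response(d)
        if info:
            found[info["usn"]] = info
    return found

def _resp(st, uuid, url):
    return (f"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nST: {st}\r\n"
            f"USN: uuid:{uuid}::{st}\r\nLOCATION: {url}\r\n\r\n").encode()

# Constructed replies: two devices, one repeated reply, one malformed datagram.
SAMPLE_RESPONSES = [
    _resp("urn:schemas-upnp-org:device:MediaServer:1", "0001", "http://192.168.0.10:8080/desc.xml"),
    _resp("urn:schemas-upnp-org:device:MediaServer:1", "0001", "http://192.168.0.10:8080/desc.xml"),
    _resp("urn:schemas-upnp-org:device:MediaRenderer:1", "0002", "http://192.168.0.11:8080/desc.xml"),
    b"HTTP/1.1 500 Internal Server Error\r\n\r\n",
]

if __name__ == "__main__":
    for usn, info in collect_servers(SAMPLE_RESPONSES).items():
        print(info["type"], info["description_url"])
```

The description URL in each reply points at the XML definition file that the devices exchange to identify each other.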
However, it is difficult for a client connected to the external network to obtain information about servers connected to a specific internal network by multicasting the above-described UDP packet. In addition, transmitting unencrypted server information to an external network, such as the Internet, involves a risk of eavesdropping.